jotasan
05-02-2019, 06:55 PM
Failed test for not being fast enough in the config. Next one won't happen.
H3-CFG
1.1-3 like wb
2.1 In sw300-301 we need to passivate vlan 2000-2001 . Two reasons: so they don’t have ospf peerings on these vlans and so they can both show DR in their interfaces’ ends
2.2. like wb.
2.3. note it asks you for the routes to be seen as O E2 by r100 but you will never be able to see them directly (no access to cli)
2.4 like wb. Remember sw1xx don’t have/need next-hop-self
2.5 like wb
2.6 local subnet advertisement to be configured also in r14-r15 but, in this point, we still don't have ebgp peerings to the remote sites.
NAT both in r14 and r15. Both using nat pool, not overload.
2.7 like wb
2.8 Basically like wb.
I used route-maps in/out everywhere to set LP, prepending and to filter transit routes
2.9 like wwb.
2.10 Info source rp-announce appeared with lo1 address. It gave ne some problems as lo1 wasn't preconfigured with pim. Also not sure which of both RP candidates should have the send-rp-discovery directive (both?). Need to lab this.
2.11 no time to finish this one :-(
3.1 some interfaces had ldp missing
3.2 mostly like wb. Some bits and pieces missing in tunnel configs.
3.4 Most in r24 was configured. Not sure about r25 tbh. No ibgp between r24-25.
There was an additional lo in r24 (besides lo.123…), maybe was there just to confuse you.
3.3 Internet access
Like wb but additional request: In R60 don't unnecessary arp requests to ISP.
4.1 policy for a maximum of 2 hops
4.2. like wb
5.2: As wb but added: make sure the qos works for ipv6.
H3DIAG:
Snooping: You need to select in the diagram. the link where the pcap is taken from. first frame of bootp and you need to enable relay trusted
Backdoor: only two tcp streams.
'x' as command to disrupt the box
TS1
This was easy. All +- like workbook except
In-4 ppp server has 'peer default ip address dhcp-pool POOL' instead of 'ip address pool'
H3-CFG
1.1-3 like wb
2.1 In sw300-301 we need to passivate vlan 2000-2001 . Two reasons: so they don’t have ospf peerings on these vlans and so they can both show DR in their interfaces’ ends
2.2. like wb.
2.3. note it asks you for the routes to be seen as O E2 by r100 but you will never be able to see them directly (no access to cli)
2.4 like wb. Remember sw1xx don’t have/need next-hop-self
2.5 like wb
2.6 local subnet advertisement to be configured also in r14-r15 but, in this point, we still don't have ebgp peerings to the remote sites.
NAT both in r14 and r15. Both using nat pool, not overload.
2.7 like wb
2.8 Basically like wb.
I used route-maps in/out everywhere to set LP, prepending and to filter transit routes
2.9 like wwb.
2.10 Info source rp-announce appeared with lo1 address. It gave ne some problems as lo1 wasn't preconfigured with pim. Also not sure which of both RP candidates should have the send-rp-discovery directive (both?). Need to lab this.
2.11 no time to finish this one :-(
3.1 some interfaces had ldp missing
3.2 mostly like wb. Some bits and pieces missing in tunnel configs.
3.4 Most in r24 was configured. Not sure about r25 tbh. No ibgp between r24-25.
There was an additional lo in r24 (besides lo.123…), maybe was there just to confuse you.
3.3 Internet access
Like wb but additional request: In R60 don't unnecessary arp requests to ISP.
4.1 policy for a maximum of 2 hops
4.2. like wb
5.2: As wb but added: make sure the qos works for ipv6.
H3DIAG:
Snooping: You need to select in the diagram. the link where the pcap is taken from. first frame of bootp and you need to enable relay trusted
Backdoor: only two tcp streams.
'x' as command to disrupt the box
TS1
This was easy. All +- like workbook except
In-4 ppp server has 'peer default ip address dhcp-pool POOL' instead of 'ip address pool'